{"vulnerability": "CVE-2022-3076", "sightings": [{"uuid": "61367f68-1011-440a-b453-9c57073089db", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30768", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/14097", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-30768\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: A Stored Cross Site Scripting (XSS) issue in ZoneMinder 1.36.12 allows an attacker to execute HTML or JavaScript code via the Username field when an Admin (or non-Admin users that can see other users logged into the platform) clicks on Logout. NOTE: this exists in later versions than CVE-2019-7348 and requires a different attack method.\n\ud83d\udccf Published: 2022-11-15T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-30T16:11:14.969Z\n\ud83d\udd17 References:\n1. https://github.com/ZoneMinder/zoneminder/releases\n2. https://medium.com/%40dk50u1/stored-xss-in-zoneminder-up-to-v1-36-12-f26b4bb68c31", "creation_timestamp": "2025-04-30T17:13:13.000000Z"}, {"uuid": "506b20a6-7461-4104-af71-2616bf936e4a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30769", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/14099", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-30769\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Session fixation exists in ZoneMinder through 1.36.12 as an attacker can poison a session cookie to the next logged-in user.\n\ud83d\udccf Published: 2022-11-15T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-30T16:09:27.499Z\n\ud83d\udd17 References:\n1. https://github.com/ZoneMinder/zoneminder/releases\n2. https://medium.com/%40dk50u1/session-fixation-in-zoneminder-up-to-v1-36-12-3c850b1fbbf3", "creation_timestamp": "2025-04-30T17:13:14.000000Z"}, {"uuid": "98788d08-c129-4613-86ba-d75704ace449", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30763", "type": "seen", "source": "https://t.me/cibsecurity/42710", "content": "\u203c CVE-2022-30763 \u203c\n\nJanet before 1.22.0 mishandles arrays.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-16T07:37:17.000000Z"}, {"uuid": "c250e3f8-0f55-4b2b-9008-0bf38de888a1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30760", "type": "seen", "source": "https://t.me/cibsecurity/44130", "content": "\u203c CVE-2022-30760 \u203c\n\nAn Insecure Direct Object Reference (IDOR) issue in fn2Web in ihb eG FlexNow before 2.04.09.016 allows remote authenticated attackers to obtain sensitive student information (final grades, study courses, degrees) by changing the student ID parameter in the HTTP POST request to the FrontControllerSS endpoint.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-09T20:33:47.000000Z"}, {"uuid": "fde522ca-fd39-4128-9f83-b42036301313", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3076", "type": "seen", "source": "https://t.me/cibsecurity/50479", "content": "\u203c CVE-2022-3076 \u203c\n\nThe CM Download Manager WordPress plugin before 2.8.6 allows high privilege users such as admin to upload arbitrary files by setting the any extension via the plugin's setting, which could be used by admins of multisite blog to upload PHP files for example.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-26T16:22:02.000000Z"}, {"uuid": "7dbc5d77-709b-45ef-a269-754ca7cfba9d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30765", "type": "seen", "source": "https://t.me/cibsecurity/42716", "content": "\u203c CVE-2022-30765 \u203c\n\nCalibre-Web before 0.6.18 allows user table SQL Injection.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-16T07:26:03.000000Z"}, {"uuid": "7591ec7b-cdac-40d5-926f-a24ca509f80f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30767", "type": "seen", "source": "https://t.me/cibsecurity/42713", "content": "\u203c CVE-2022-30767 \u203c\n\nnfs_lookup_reply in net/nfs.c in Das U-Boot through 2022.04 (and through 2022.07-rc2) has an unbounded memcpy with a failed length check, leading to a buffer overflow. NOTE: this issue exists because of an incorrect fix for CVE-2019-14196.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-16T07:25:58.000000Z"}]}